By Monique Lucey
As we wrote in a previous blog entry, cloud computing holds tremendous benefits for higher education institutions in terms of data center footprint reduction, cost savings and streamlining staff. However, as we’ll dig into now, it also has challenges that must be overcome.
Cloud computing relies heavily on virtualization to ensure that service providers get the most use out of their physical infrastructure and, therefore, can keep costs down. However, the same virtual architecture that provides an inexpensive alternative to on-site infrastructure can wreak havoc with a university’s privacy and security policies.
For instance, service providers will often house several customers’ applications and data on a single physical host. If you’re under privacy mandates that require you to keep sensitive information separate, this strategy can pose problems.
Cloud computing providers also take advantage of the load balancing that virtualization offers by enabling virtual machines to be moved among physical hosts. This goes a long way to ensuring the availability and fault-tolerance of your applications, but it also puts you at risk of non-compliance since you cannot consistently know the physical location of your data as some mandates require. Also, you could be in jeopardy if you are beholden to country-specific rules that forbid the transmittal of sensitive information across national borders.
With data moving between multiple physical hosts and multiple data centers, IT can no longer rely on site visits to a service provider’s facilities as a checkbox for off-site data security.
Rather than tossing aside the idea of cloud computing altogether, academic institutions can sign on with private cloud providers and then extend their own network management platform to include the service provider’s environment. This approach enables you to apply your current regulatory and internal policies and their enforcement to your cloud computing services.
For instance, you can set policies that restrict virtual machines carrying sensitive information from being moved around. Also, you can monitor virtual switches to ensure that configuration changes don’t result in private data becoming public.
Finally, IT can use a network management platform to implement the same role-based access users would have in your own data center. This eases the burden of authorization management, auditing and reporting.
So, while cloud computing presents privacy and security obstacles, wise use of your network management platform can quickly alleviate them, enabling you to enjoy the benefits of these cost-efficient services.
